4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 May 2021 13:55:56 +0000 (15:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 29 May 2021 13:55:56 +0000 (15:55 +0200)
added patches:
iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch
nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch

queue-4.14/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch [new file with mode: 0644]
queue-4.14/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch b/queue-4.14/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch
new file mode 100644 (file)
index 0000000..a12a116
--- /dev/null
@@ -0,0 +1,44 @@
+From 0ee74d5a48635c848c20f152d0d488bf84641304 Mon Sep 17 00:00:00 2001
+From: Rolf Eike Beer <eb@emlix.com>
+Date: Tue, 25 May 2021 15:08:02 +0800
+Subject: iommu/vt-d: Fix sysfs leak in alloc_iommu()
+
+From: Rolf Eike Beer <eb@emlix.com>
+
+commit 0ee74d5a48635c848c20f152d0d488bf84641304 upstream.
+
+iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
+errors.
+
+Fixes: 39ab9555c2411 ("iommu: Add sysfs bindings for struct iommu_device")
+Cc: stable@vger.kernel.org # 4.11.x
+Signed-off-by: Rolf Eike Beer <eb@emlix.com>
+Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
+Link: https://lore.kernel.org/r/17411490.HIIP88n32C@mobilepool36.emlix.com
+Link: https://lore.kernel.org/r/20210525070802.361755-2-baolu.lu@linux.intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iommu/dmar.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -1116,7 +1116,7 @@ static int alloc_iommu(struct dmar_drhd_
+               err = iommu_device_register(&iommu->iommu);
+               if (err)
+-                      goto err_unmap;
++                      goto err_sysfs;
+       }
+       drhd->iommu = iommu;
+@@ -1124,6 +1124,8 @@ static int alloc_iommu(struct dmar_drhd_
+       return 0;
++err_sysfs:
++      iommu_device_sysfs_remove(&iommu->iommu);
+ err_unmap:
+       unmap_iommu(iommu);
+ error_free_seq_id:
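Review bot: The new `err_sysfs` label in alloc_iommu() undoes iommu_device_sysfs_add(), but that call is not visible in this hunk, so the page does not show that every path reaching the label has a sysfs device to remove. In the context shown, the only jump to it is the `iommu_device_register()` failure, which presumably sits in the same conditional block as the add; this should be checked against the 4.14 version of dmar.c, where the block may differ from upstream. The ordering matters in both directions: a missed remove leaves a sysfs entry behind for an IOMMU that the later labels tear down, and a remove without a prior add would act on a device that was never set up. A one-line comment on the label, such as `/* only reached after iommu_device_sysfs_add() succeeded */`, would keep the unwind order clear for later backports. The function starts before the quoted context and the labels after `error_free_seq_id:` are outside it.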
diff --git a/queue-4.14/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch b/queue-4.14/nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch
new file mode 100644 (file)
index 0000000..cc2897d
--- /dev/null
@@ -0,0 +1,60 @@
+From a421d218603ffa822a0b8045055c03eae394a7eb Mon Sep 17 00:00:00 2001
+From: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Date: Wed, 19 May 2021 12:54:51 -0400
+Subject: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+
+From: Anna Schumaker <Anna.Schumaker@Netapp.com>
+
+commit a421d218603ffa822a0b8045055c03eae394a7eb upstream.
+
+Commit de144ff4234f changes _pnfs_return_layout() to call
+pnfs_mark_matching_lsegs_return() passing NULL as the struct
+pnfs_layout_range argument. Unfortunately,
+pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
+before dereferencing it, causing an oops.
+
+I'm able to hit this crash consistently when running connectathon basic
+tests on NFS v4.1/v4.2 against Ontap.
+
+Fixes: de144ff4234f ("NFSv4: Don't discard segments marked for return in _pnfs_return_layout()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/pnfs.c |   15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/fs/nfs/pnfs.c
++++ b/fs/nfs/pnfs.c
+@@ -1136,6 +1136,11 @@ _pnfs_return_layout(struct inode *ino)
+ {
+       struct pnfs_layout_hdr *lo = NULL;
+       struct nfs_inode *nfsi = NFS_I(ino);
++      struct pnfs_layout_range range = {
++              .iomode         = IOMODE_ANY,
++              .offset         = 0,
++              .length         = NFS4_MAX_UINT64,
++      };
+       LIST_HEAD(tmp_list);
+       nfs4_stateid stateid;
+       int status = 0;
+@@ -1162,16 +1167,10 @@ _pnfs_return_layout(struct inode *ino)
+       }
+       valid_layout = pnfs_layout_is_valid(lo);
+       pnfs_clear_layoutcommit(ino, &tmp_list);
+-      pnfs_mark_matching_lsegs_return(lo, &tmp_list, NULL, 0);
++      pnfs_mark_matching_lsegs_return(lo, &tmp_list, &range, 0);
+-      if (NFS_SERVER(ino)->pnfs_curr_ld->return_range) {
+-              struct pnfs_layout_range range = {
+-                      .iomode         = IOMODE_ANY,
+-                      .offset         = 0,
+-                      .length         = NFS4_MAX_UINT64,
+-              };
++      if (NFS_SERVER(ino)->pnfs_curr_ld->return_range)
+               NFS_SERVER(ino)->pnfs_curr_ld->return_range(lo, &range);
+-      }
+       /* Don't send a LAYOUTRETURN if list was initially empty */
+       if (!test_bit(NFS_LAYOUT_RETURN_REQUESTED, &lo->plh_flags) ||
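Review bot: The NULL dereference is fixed only at the call site in `_pnfs_return_layout()`, where `&range` now replaces `NULL`. According to the description, pnfs_mark_matching_lsegs_return() itself, which is outside this hunk, still dereferences its range argument without a check, so any other caller passing NULL would oops the same way. Its non-NULL contract should be written down on the callee, for example `/* range must not be NULL; pass a full-file IOMODE_ANY range to match every segment */`, and the remaining callers in the 4.14 tree checked against it. Because the oops was introduced by de144ff4234f, it is also worth confirming that this commit is present in the 4.14 tree or queue, since this fix is only needed there. The body of `_pnfs_return_layout()` continues past the last context line.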
index 4be7a90bb0dfed878b966099e5ee4c3aeae68b7f..f580fdda3f1223fa45dd3b546be19f50cf719e5b 100644 (file)
@@ -4,3 +4,5 @@ scripts-switch-explicitly-to-python-3.patch
 usb-dwc3-gadget-enable-suspend-events.patch
 netfilter-x_tables-use-correct-memory-barriers.patch
 nfc-nci-fix-memory-leak-in-nci_allocate_device.patch
+nfsv4-fix-a-null-pointer-dereference-in-pnfs_mark_matching_lsegs_return.patch
+iommu-vt-d-fix-sysfs-leak-in-alloc_iommu.patch